BACKGROUND OF THE INVENTION
FIELD OF THE INVENTION 

The present invention relates to a computer
system including a storage device capable of managing
security information, and in particular to a technique
for automatically reflecting, in the security
information, a modification of managed information
caused by replacement of an error component of an
upper node device or the like.

DESCRIPTION OF THE RELATED ART

A security technique for access to a storage
controller from an upper node device is disclosed, for
example, in JP-A-10-333839 (corresponding to EP 0 881
560 A2), which provides a storage device having a
security function that prevents unauthorized access
from an upper node device. Port name information
uniquely identifying an upper node device is set in
the storage controller and compared with the port name
information stored in a frame sent from the upper node
device, thereby determining whether the access is
allowed.

However, according to the technique disclosed
in JP-A-10-333839, when an interface component of the
upper node device is replaced with a new one and the
port name changes to a different port name after the
replacement, access through the new port name becomes
impossible because of the security information set in
the storage controller. The security setting on the
storage device must therefore be corrected after the
replacement. Since a fiber channel can connect an
upper node device to a storage controller via a
fabric, the upper node device may be at a distance
from the storage controller. Accordingly, replacement
of an interface component of the upper node device
should be possible without depending on the setting of
the storage controller.

Moreover, since the port name is used as the
identifier of the upper node device, a security setting
that depends on the upper node device has been
impossible when the upper node device has a plurality
of fiber channel ports.

SUMMARY OF THE INVENTION 

It is therefore an object of the present 
invention to provide a computer system including an 
upper node device having a connection port, an 
information exchange device connected to the connection 
port and controlling packet transfer, and a storage 
controller connected to the information exchange device 
and sending/receiving a packet to/from the upper node 
device via the information exchange device. 

The storage controller has a control table
containing connection port identification information
and connection port security information. The control
table may be created for each upper node device, or
the control table may further contain identification
information of the upper node device. The storage
controller detects replacement of the connection port
according to information obtained from the information
exchange device. When a replacement of the connection
port is detected, the connection port identification
information in the control table is replaced by the new
connection port identification information after the
replacement.

Thus, according to the present invention, the
security information of the connection port before
replacement can be retained in the security information
of the connection port after the replacement.

Moreover, when a node name is contained as
the security information, for an upper node device
having a plurality of fiber channel ports, it is
possible to set security depending on the upper node
device.

BRIEF DESCRIPTION OF THE DRAWINGS 

Fig. 1 shows a system configuration according
to an embodiment of the present invention.

Fig. 2 shows a sequence for creating a
control table required by the embodiment.

Fig. 3 shows an I/O specification of a
standard extended link service capable of providing
attribute information concerning a fiber channel port
to be managed by the embodiment.

Fig. 4 shows a data transfer sequence of an
ordinary fiber channel.

Fig. 5 shows a decision sequence when allowing
an I/O request according to the embodiment.

Fig. 6 shows a control table correction
sequence according to the embodiment when a fiber
channel port is replaced or the like.

Fig. 7 shows a detection sequence detecting a
replaced fiber channel port according to the
embodiment.



DESCRIPTION OF THE EMBODIMENTS 

First, referring to Fig. 1, an explanation
will be given of the fiber channel interface according
to the present invention and a storage device using the
fiber channel interface.

Fig. 1 shows a configuration example of a
storage system using a disk array as a storage
controller. In Fig. 1, reference numerals 10 and 20
denote upper node devices, which are CPUs performing
data processing. The upper node devices 10 and 20 have
fiber channel ports 11, 12 and 21. A fiber channel
port 13 is for replacement and is not mounted on the
upper node device 10 or 20. Each of the fiber channel
ports 11, 12, 13 and 21 has a port name as an
identifier for uniquely identifying the corresponding
fiber channel port. Each of the upper node devices 10
and 20 has a node name as an identifier for uniquely
identifying the corresponding upper node device. The
reference numeral 40 denotes a storage controller of a
disk array according to the present invention. The
storage controller 40 is connected via a fabric 30 to
the fiber channel ports 11 and 12 of the upper node
device 10 and the fiber channel port 21 of the upper
node device 20. The fabric 30 has the function of the
name server 31 defined in the fiber channel standard
specification for collecting and providing attribute
information of the devices connected to the fabric 30,
using an extended link service.

The storage controller 40 includes: a fiber
channel controller 41 performing data transfer to/from
the upper node devices 10 and 20 and the extended link
service with the name server 31; a microprocessor 42
controlling the entire storage controller; a memory 43
saving a micro-program controlling operation of the
controller and control data; a data controller 44
controlling data read and write from/to a cache; a
cache 45 for temporarily buffering write data and read
data from a disk drive; a device interface controller
46 controlling data transfer to/from the disk drive;
and an input interface 47 for entering access security
information.

A control table 48 for realizing the present
invention is created on the memory 43. The control
table 48 contains the fiber channel port configuration
of the upper node devices together with the security
information. The control table 48 is used to determine
whether an access to the upper node device is to be
allowed and to detect replacement of the fiber channel
port. Accordingly, the control table 48 is preferably
saved in a non-volatile region.

The reference numeral 50 denotes a disk array
under the control of the storage controller 40. The
disk array 50 is a device for storing data of the upper
node device and includes a plurality of disk drives
arranged so as to have redundancy. The disk array 50
is logically divided into a plurality of domains (LUs),
each serving as a SCSI access unit of the upper node
device. In the present embodiment, the disk array 50
is shown as an example having two domains, LU0 (51)
and LU1 (52).

Referring to Fig. 2 and Fig. 3, an explanation
will be given of the sequence by which the storage
controller 40 creates a control table from a user input.
In the example below, the security information uses the
64-bit port name of a fiber channel port, which can be
uniquely identified. In step 61, a user uses the input
interface 47 to enter the port name of the fiber channel
port of the upper node device for which I/O is
authorized. Upon reception of the user input, in step
62, the storage controller 40 issues a link service
request GNN_FT (Get Node Name by FC-4 Type) to the name
server 31.

The name server 31 manages the devices connected
to the fabric on a per-fiber-channel-port basis and
returns FS_RJT or FS_ACC in response to the link service
request, as shown in 68 in Fig. 3. Normally, when node
name information is referenced for a fiber channel
port, the node name of the upper node device to which
the fiber channel port belongs is indicated.

GNN_FT uses the I/O format shown in 69 in Fig.
3. GNN_FT is a link service that identifies the fiber
channel ports supporting a particular FC-4 Type among
the devices connected to the fabric under management of
the name server and returns their port IDs and node
names by FS_ACC.

In the case of SCSI, 08h is specified as the
FC-4 type.

Thus, in step 62, the storage controller 40
can fetch the port ID and the node name of each fiber
channel port of the devices supporting SCSI. Next,
in step 63, the storage controller 40 issues a link
service request GPN_ID (Get Port Name by Port ID) to
the name server 31. The GPN_ID has the I/O format shown
in 70 in Fig. 3. The GPN_ID is a link service that
references the port name by the port ID. In step 63,
the storage controller 40 repeats the GPN_ID using the
port IDs fetched in step 62 and identifies the port ID
of the fiber channel port allowed for I/O by the user
in step 61.
In step 64, the storage controller 40 uses
the information fetched in step 62 to identify the node
name of the fiber channel port allowed for I/O by the
user in step 61. Then, using the sequence of
steps 65 and 66, the information fetched in step 62 is
used to identify the port names of all the fiber channel
ports of the upper node device specified by that node
name. In step 67, the storage controller 40 adds
security information to the port name information
fetched in step 66 so as to constitute the fiber
channel port configuration information of the upper
node device, thereby creating a control table 48. In
step 67, an example is given for a case in which access
is allowed only to the fiber channel port 11 among the
fiber channel ports of Fig. 1.

Next, an example will be given of a data
transfer by the upper node device 10 via the storage
controller 40 with the disk array 50 where I/O security
is applied using the control table 48.

Fig. 4 shows a sequence performed by the
upper node device 10 with the storage controller 40. In
72, the upper node device 10 issues a link service
request of PLOGI (port login) to the storage
controller 40. For negotiation of the various parameters
required for data transfer, the parameters of the upper
node device 10 are presented in the payload of PLOGI. If
data transfer is enabled, in 73, the parameters of the
storage controller 40 are transferred to the upper node
device 10 in the ACC payload. If the data transfer is
disabled, in 73, LS_RJT is returned to the upper node
device 10. When the PLOGI is answered with ACC, a SCSI
command as shown in 74 is issued as a data frame from
the upper node device 10 to the storage controller 40.
74 shows an example of a read.

The SCSI command in the data frame received
by the fiber channel controller 41 is fetched and
analyzed by the microprocessor 42, and a data read
request is issued via the device interface controller
46 to the disk array 50. When the data is stored in
the cache 45 via the device interface controller 46 and
the data controller 44, the microprocessor 42 reports
a data transfer start to the upper node device 10 using
a data frame FCP_XFER_RDY. Data transfer is performed
using a data frame FCP_DATA and status transfer is
performed using a data frame FCP_RSP, thereby completing
the access.

Here, when the security setting of 67 in Fig.
3 is performed, if the upper node device 10 accesses
via the fiber channel port 11, data transfer is
performed, but if the access is made via the fiber
channel port 12, no data transfer is performed. For
this, the storage controller 40 performs the sequence
shown in Fig. 5 upon reception of PLOGI. Upon
reception of PLOGI in step 75, the storage
controller 40 fetches the port name in step 76 and
compares it with the control table in step 77. If this
port name is allowed access according to the control
table, ACC is issued in step 78 to report that the
upper node device 10 can be accessed. If the port name
is disabled for access in the control table or if
the port name is not present in the control table,
LS_RJT is issued in step 79 so as to report that the
upper node device 10 cannot be accessed. Thus,
security is assured for access to the upper node device
according to the present invention.

Next, an explanation will be given of the
automatic correction technique according to the present
invention, used when correction of the control table 48
is required due to replacement of a fiber channel port.
In Fig. 1, for example, the fiber channel port 11 is
replaced with the fiber channel port 13, which has the
port name Adapter_C.

Correction of the control table 48 is
performed when the storage controller 40 has received
the RSCN (registered state change notification) extended
link service issued from the fabric 30. When the
connection state of any of the fiber channel ports of
the devices connected to the fabric 30 changes, the
RSCN is reported to the respective devices together with
the port ID of that fiber channel port. A plurality of
port IDs may also be reported.

Fig. 6 shows the control table correction
sequence of the storage controller 40 which has
received the RSCN. GNN_ID in step 83 is an extended
link service having the format shown in 71 of Fig. 3,
by which the node name can be referenced from the port
ID. First, when the fiber channel port 11 is
disconnected from the fabric 30 for replacement, the
fabric 30 detects the disconnection and issues the RSCN
to all the devices connected to the fabric 30. In step
83, the storage controller 40 issues GNN_ID with the
port ID fetched from the RSCN payload, but since the
fiber channel port 11 has been deleted from the
information in the name server 31, the storage
controller 40 receives FS_RJT in step 84, thereby
terminating the sequence of Fig. 6 without performing
anything.

Next, when the fiber channel port 13 is
mounted on the upper node device 10 and connected to the
fabric 30, the RSCN is issued from the fabric 30 and
accordingly, the storage controller 40 again performs
the process sequence of Fig. 6. The node name fetched
in step 83 is the one for the upper node device 10, for
which the fiber channel port has been replaced, and is
contained in the control table 48. Accordingly, the
process proceeds from step 85 to step 86.

Fig. 7 shows the current table/difference table
creation sequence in step 86. In order to create a
list of the port names of the fiber channel ports
currently present on the upper node device 10, the
storage controller 40 issues GNN_FT in step 93, fetches
the port IDs of the fiber channel ports present on the
upper node device 10 in step 94, and converts the port
IDs into port names in step 95. The difference between
the current table created in step 96 and the control
table is taken, and the security information is added to
it so as to create the difference table shown in step
97. In the example shown in step 97, the difference
direction of the fiber channel port 11 is minus and the
difference direction of the fiber channel port 13 is
plus in the difference table.

Returning to Fig. 6, the explanation of the
correction technique of the control table will be
continued. A fiber channel port having a minus
difference direction and enabled for access indicates
that a fiber channel port for which access is allowed
is not operating. A fiber channel port having a plus
difference direction indicates that a new fiber channel
port has been added to replace the fiber channel port
that is not operating.

In the sequence of Fig. 6, step 87 and step
88 identify the fiber channel port before the
replacement and the fiber channel port after the
replacement, and step 89 corrects the port name in the
control table. In step 89, for the fiber channel port
having the minus direction difference, the port name is
replaced by the port name of the fiber channel port
having the plus direction difference.

Moreover, when no fiber channel port having
the minus direction difference is present (in sequence
90 of Fig. 6) but a fiber channel port having the plus
direction difference is present, this means that an
additional fiber channel port has been installed. In
this case, in 91 of Fig. 6, the port name is added to
the control table together with the access disabled
attribute, so as to eliminate trouble during fiber
channel port replacement.
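
The PLOGI decision of Fig. 5 and the control table correction of Figs. 6 and 7, as an added example that is not part of the original document. The names PORT_11 and PORT_12 are constructed, the function names are illustrative, and pairing several simultaneous changes in list order is an assumption the text does not specify.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    port_name: str   # port name of a fiber channel port
    allowed: bool    # security information: is I/O allowed?

def plogi_decision(table, port_name):
    """Fig. 5, steps 76-79: ACC only for a listed port name with access allowed."""
    for entry in table:
        if entry.port_name == port_name:
            return "ACC" if entry.allowed else "LS_RJT"
    return "LS_RJT"  # port name not in the control table

def difference_table(table, current_ports):
    """Fig. 7: minus = in the control table but gone from the fabric,
    plus = on the fabric but not yet in the control table."""
    known = {entry.port_name for entry in table}
    minus = [entry for entry in table if entry.port_name not in current_ports]
    plus = [name for name in current_ports if name not in known]
    return minus, plus

def correct_table(table, current_ports):
    """Fig. 6, steps 87-91, for one node name. Returns a log of changes."""
    minus, plus = difference_table(table, current_ports)
    log = []
    # Steps 87-89: rewrite the port name, keep the security information.
    # Assumption: with several changes at once, pair them in list order.
    for old, new in zip(minus, plus):
        log.append(("replaced", old.port_name, new))
        old.port_name = new
    # Steps 90-91: plus ports with no minus partner are additions and are
    # registered with the access-disabled attribute.
    for name in plus[len(minus):]:
        table.append(Entry(name, False))
        log.append(("added_disabled", name))
    return log

def demo():
    # Constructed names for ports 11 and 12; Adapter_C is port 13 in the text.
    table = [Entry("PORT_11", True), Entry("PORT_12", False)]
    before = plogi_decision(table, "Adapter_C")
    log = correct_table(table, ["PORT_12", "Adapter_C"])
    after = plogi_decision(table, "Adapter_C")
    return before, log, after

if __name__ == "__main__":
    print(demo())
```

After the correction the old port name no longer appears in the table, so a PLOGI carrying it is answered with LS_RJT.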

Here, if the upper node device has to be
stopped when adding a fiber channel port, then after
the fiber channel port is added and the upper node
device is started, the start order of the fiber channel
ports may not be determined, and the fiber channel port
being added may be identified as the fiber channel port
after a replacement. However, this can be avoided by
starting the upper node device without connecting the
fiber channel port to be added to the fabric, or by
applying a history method to the port name correction
in step 89 of Fig. 6.

Further, it is possible to provide a storage
controller enabling finer security management by
assuming storage domains that correlate resources
such as a plurality of LUs managed by the storage
controller and a plurality of fiber channel controllers,
and by having a control table for each of the storage
areas.

Furthermore, by accepting a node name as the
security information input and allowing all the data
I/O received from this node name, an upper node device
having many fiber channel ports can reduce the
steps required for checking and setting the respective
fiber channel port identifiers.

Accordingly, when a node name is contained in
the security information, it is possible to perform
security setting depending on an upper node device when
the upper node device has a plurality of fiber channel
ports.

As has been described above, the storage
controller 40 receives a port name input of a fiber
channel port of an upper node device and has, for each
of the node names of the upper node devices, the port
name list of the fiber channel ports of the upper node
device and the control table containing the I/O
enabling/disabling information, so that a node name
which can be fetched from the fabric is compared to the
port name list, thereby detecting a fiber channel port
replacement of the upper node device. In the control
table, the port name of the replaced fiber channel port
is rewritten with the port name of the fiber channel
port after the replacement. Thus, the upper node device
can perform data I/O for the storage controller in the
same way as before the fiber channel port replacement.

According to the present invention, for a
storage controller connected to a fabric and supplied
with a fiber channel port identifier as security
information, when a fiber channel port of the upper
node device is replaced, data I/O can be performed in
the same way as before a fiber channel port replacement
without consciously modifying the security information.



